Obtaining a System Service Account
Before you can access the Document Exchange server (DXC) web services, you must request a system-to-system service account from Maximus within the Keycloak authentication server. Please contact Eric Lian at Maximus by email to obtain your new system account, along with instructions for setting a password.
OAuth 2.0 Process Overview
At a high level the OAuth 2.0 process flow is as follows:
- Step 1: Your client software issues a request to Keycloak containing this user name and password to acquire OAuth Access and Refresh tokens.
- Step 2: Your client software can now issue web service requests to the Maximus DXC server by passing the Access token as part of the request.
- Step 3: Access tokens in production expire every hour while the refresh token expires every 24 hours. For development environments, including the sandbox, the access token expires in 5 minutes and the refresh token expires in 15 minutes. Implementations should ensure that an access token has a sufficient lifespan prior to issuing a service call.
- Step 4: Once the Refresh Token expires, the user will be required to repeat Step 2 to obtain new Access and Refresh tokens.
For more detailed documentation on OAuth 2.0, along with assistance for language-specific implementations, please visit the OAuth 2.0 website.
The SDK download includes both a time-based (Java) and a percent-used (.NET) sample to provide a starting point for implementing your token management.
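The token lifecycle in the steps above can be handled with a small time-based cache. The following is an added example, not code from the SDK or from Maximus. It assumes the user name and password are sent with the OAuth 2.0 password grant and that the response carries the standard Keycloak fields `expires_in` and `refresh_expires_in`; `TokenManager`, `request_tokens`, the 30-second margin and the sample account are hypothetical, and the fake server is constructed so the block runs offline.

```python
import time

class TokenManager:
    """Caches tokens and renews them before a service call needs them."""

    def __init__(self, request_tokens, username, password, margin=30, clock=time.monotonic):
        # request_tokens is a hypothetical callable: it posts a form to the
        # Keycloak token endpoint and returns the decoded JSON response.
        self._request = request_tokens
        self._user, self._password = username, password
        self._margin = margin  # seconds of lifespan required before a call
        self._clock = clock
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def access_token(self):
        now = self._clock()
        if self._access and now + self._margin < self._access_exp:
            return self._access  # enough lifespan left, reuse it
        if self._refresh and now + self._margin < self._refresh_exp:
            form = {"grant_type": "refresh_token", "refresh_token": self._refresh}
        else:  # first call, or the refresh token has expired: log in again
            form = {"grant_type": "password", "username": self._user,
                    "password": self._password}
        resp = self._request(form)
        self._access, self._refresh = resp["access_token"], resp["refresh_token"]
        self._access_exp = now + resp["expires_in"]
        self._refresh_exp = now + resp["refresh_expires_in"]
        return self._access

def demo():
    """Run the manager against a constructed fake with sandbox lifetimes."""
    now = {"t": 0.0}
    grants = []

    def fake_keycloak(form):  # constructed stand-in, no network involved
        grants.append(form["grant_type"])
        n = len(grants)
        return {"access_token": f"access-{n}", "refresh_token": f"refresh-{n}",
                "expires_in": 300, "refresh_expires_in": 900}

    mgr = TokenManager(fake_keycloak, "svc-example", "constructed-password",
                       clock=lambda: now["t"])
    tokens = []
    for t in (0, 200, 280, 1300):  # seconds since start
        now["t"] = float(t)
        tokens.append(mgr.access_token())
    return grants, tokens

if __name__ == "__main__":
    print(demo())
```

Keep the service account password and both tokens out of logs and source control; in a real client, `request_tokens` would send the form over HTTPS to the token endpoint supplied with your account.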
